Malware, or malicious software, attacks take many different forms and target many different types of web content. Computer viruses, worms, trojan horses, spyware, rootkit, adware, spam, phishing . . . are but a few types of malware. FIG. 1 (prior art) illustrates a few simple scenarios of how attackers may send malware to end users. Depending on the actual type of web content provided to the end users, the attackers may target different stages or aspects of the process of transferring web content to the end users.
For example, sometimes, malware is sent to potential victims disguised as legitimate communications, such as attachments to email messages. The attacker 130 may send an email, a SMS (short message service), or an IM (instant messaging) to the end user 120 directly with a piece of malware 141 hidden in the message. Sometimes, malware is embedded in web page source code and sent to potential victims when the victims request these infected web pages. The attacker 130 may send a piece of malware 143 to the web server 110, and the malware 143 embeds itself in the web page source code or modifies the web page source code to perform some unauthorized actions. When the end user 120 requests the infected web page, the piece of malware 143 is sent to the end user 120 along with the requested web page 151. Sometimes, malware is injected into web feeds, such as Atom or RSS feeds, and sent to potential victims along with feed content. The attacker 130 may inject a piece of malware 142 directly into the web feed 152 sent from the web server 110 to the end user 120.
Many types of anti-malware methods and products have been developed to combat malware attacks. Some detect malware based on known malware patterns. Some block suspicious types of web content, such as executable files or popup windows. Some rank web content based on their safety levels. However, most anti-malware solutions focus on detecting various forms of malware rather than removing malware from infected web content.